Classifications

G—PHYSICS

G07—CHECKING-DEVICES

G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE

G07C9/00—Individual entry or exit registers

G07C9/00126—Access control not involving the use of a pass

G07C9/00134—Access control not involving the use of a pass in combination with an identity-check

G07C9/00158—Access control not involving the use of a pass in combination with an identity-check by means of a personal physical data

Abstract

The invention relates to a method for verifying an authorization to log onto a system. According to the inventive method, a modified code is prestored in the system. Said modified code differs from the access authorization code stored in a part of the system which is inaccessible to or difficult to access by the user. Biological features of a user are detected and compared with features stored in the system. When said features coincide, a code is calculated from the modified code using a calculation specification. This calculated code is transmitted to the part of the system which is inaccessible to the user and is verified there using the stored access authorization code. The invention also relates to a device for verifying an access authorization to a system.

It is therefore the object of the present invention to provide a method and an apparatus in which authentication is performed using biological features of the user, the method and the apparatus being usable in conjunction with systems that require a conventional access authorization code stored in a part of the system that is inaccessible to the user.

According to the invention, this object is achieved by a method having the features of claim 1 and by an apparatus having the features of claim 9.

Specifically, the method according to the invention for checking an access authorization to a system is characterized in that a modified code, which differs from the access authorization code stored in a part of the system that is inaccessible to the user, is stored in the system in advance; in that biological features of a user are detected and compared with features stored in the system; and in that, if the features match, a code is calculated from the modified code by means of a computation rule, transmitted to the part of the system that is inaccessible to users, and checked there using the stored access authorization code.

An advantage of the method and of the apparatus according to the invention is that biometric identification becomes possible in conjunction with a system that uses conventional access authorization codes stored in a part of the system that is inaccessible to users. The invention can therefore be applied particularly easily to existing systems, without changing standards.

In one embodiment of the invention, the code is calculated by means of the computation rule as a function of the modified code and at least some of the biological features. The advantage of this embodiment is that calculating the code is made particularly difficult for third parties who want to gain unauthorized access to the system, because the code cannot be calculated without knowledge of the authorized user's biological features.

In one embodiment of the invention, the system is a mobile telephone with a SIM card, the access authorization code advantageously being stored in encrypted form on the SIM card, and the biological features to be checked and the modified code being stored in a read-only memory of the mobile telephone. The advantage of this embodiment for mobile telephones is that the mobile telephone continues to comply with the GSM standard, since the access authorization code, i.e. the PIN, is not stored in a memory of the mobile telephone itself but only on the SIM card. The read-only memory of the mobile telephone contains only the modified code, which is of no use to an unauthorized third party.

In a further embodiment of the invention, the system comprises a computer and an external unit which communicate with one another via an interface, and the access authorization of a user who requests access to the external unit via the computer is checked. In this case, the first memory, in which the access authorization code is stored, can be provided in the external unit, which is not accessible to the user. For example, the first memory is the memory of a bank. The second memory, which contains the biological features to be checked and the modified code, can be the read-only memory of the computer itself. In this case too, the conventional checking of access authorization by means of PIN codes does not have to be changed, even though the user is authenticated by means of biological features.

The biological features can be obtained from the fingerprint or from the iris of an eye of a user.

Exemplary embodiments of the invention are explained in more detail below with reference to the drawings.

The apparatus is divided into two parts. A first part 8 is inaccessible, or very difficult to access, for a user. For example, this part can be the SIM card of a mobile telephone or the central computer of a bank.

The second part 7 of the apparatus is more easily accessible to a user. For example, this part is a mobile telephone or a computer that communicates with external services via the Internet.
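
The logon flow described above, as an added example that is not part of the patent text: the accessible part matches the features and computes the code, and the inaccessible part (here a SIM) checks it. The HMAC-based computation rule, the Hamming-distance comparator, the retry limit and all sample values are assumptions of this example; the mask is keyed on the enrolled template because a fresh reading is noisy and would not reproduce the same code.

```python
import hashlib
import hmac

def mask(template: bytes, digits: int) -> int:
    """Assumed computation rule: a decimal mask keyed on the enrolled features."""
    digest = hmac.new(template, b"pin-mask", hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % 10**digits

def enroll(pin: str, template: bytes) -> str:
    """Step 11: derive the modified code that is stored in the phone's memory."""
    n = len(pin)
    return f"{(int(pin) + mask(template, n)) % 10**n:0{n}d}"

def features_match(detected: bytes, template: bytes, max_bits: int = 8) -> bool:
    """Steps 13-14: first comparator, tolerating a few differing bits (assumed metric)."""
    if len(detected) != len(template):
        return False
    return sum(bin(a ^ b).count("1") for a, b in zip(detected, template)) <= max_bits

class Sim:
    """Inaccessible part: stores the PIN and checks the submitted code (step 18)."""
    def __init__(self, pin: str, max_tries: int = 3):  # retry limit is an assumption
        self._pin, self._max, self.tries = pin, max_tries, max_tries

    def verify(self, code: str) -> bool:
        if self.tries == 0:
            return False  # blocked after too many wrong codes
        ok = hmac.compare_digest(code.encode(), self._pin.encode())
        self.tries = self._max if ok else self.tries - 1
        return ok

def logon(detected: bytes, template: bytes, modified: str, sim: Sim) -> bool:
    """Accessible part: compute the code only after a feature match (steps 15-16)."""
    if not features_match(detected, template):
        return False  # nothing is computed or sent to the SIM
    n = len(modified)
    code = f"{(int(modified) - mask(template, n)) % 10**n:0{n}d}"
    return sim.verify(code)

if __name__ == "__main__":
    TEMPLATE = bytes(range(16))                      # constructed feature vector
    sim = Sim("4711")                                # constructed PIN
    modified = enroll("4711", TEMPLATE)
    noisy = bytes([TEMPLATE[0] ^ 1]) + TEMPLATE[1:]  # genuine user, one bit of noise
    print(logon(noisy, TEMPLATE, modified, sim))
    print(logon(bytes([0xFF] * 16), TEMPLATE, modified, sim))  # non-matching features
```

In this sketch the template and the modified code sit in the same memory, so anyone who can read both and knows the rule can recompute the PIN; the modified code is only useless to a third party as long as that memory or the rule stays protected.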

Claims (17)

Method for checking access authorization for a
system, characterized
in that a modified code which is different than the
access authorization code stored in a part of the
system which users cannot access or at least have
difficulty accessing is stored (11) in the system in
advance,
in that biological features of a user are detected (13)
and are compared (14) with features stored in the
system, and
in that, if the features match, a computation rule is
used to calculate (15) a code from the modified code,
the calculated code is transmitted (16) to the part of
the system which users cannot access, and there it is
checked (18) using the stored access authorization
code.

Method according to Claim 1, characterized
in that the code is calculated using the computation
rule on the basis of the modified code and at least
some of the detected biological features.

Method according to Claim 1 or 2, characterized
in that the system is a mobile telephone with a SIM
card.

Method according to Claim 3, characterized
in that the access authorization code is stored on the
SIM card, and the modified code and the features are
stored in a read only memory of the mobile telephone.

Method according to Claim 4, characterized
in that the access authorization code is stored on the
SIM card in encrypted form.

Method according to Claim 1 or 2, characterized
in that the system comprises a computer and an external
unit which communicate with one another via an
interface, in the course of which the access
authorization of a user using the computer to request
access to the external unit is checked.

Method according to Claim 6, characterized
in that the access authorization code is stored (10) in
the external unit, and the modified code and the
features are stored (11, 12) in the computer.

Method according to one of the preceding
claims, characterized
in that the biological features are obtained from the
fingerprint of a user.

Method according to one of claims 1 to 7, characterized
in that the biological features are obtained from the
iris of an eye of a user.

Apparatus for checking access authorization for
a system, comprising:

a first memory unit (6), which stores an access
authorization code and which users cannot
access or have difficulty accessing,

a second memory unit (2), which stores a
modified code, which is different than the
access authorization code, and biological features,

an input unit (1) for entering and detecting
biological features of a user,

a first comparator unit (3), which is connected
to the input unit (1) and the second memory
unit (3), for comparing the detected biological
features with the stored biological features
and for outputting an access authorization
signal if the biological features detected by
means of the input unit (1) match the
biological features stored in the second memory
unit (2), and

a processor (4), which is connected to the
first comparator unit (3), to the second memory
unit (2) and to a second comparator unit (5),
for calculating a code from the modified code
using a computation rule on the basis of
reception of the access authorization signal
from the first comparator unit (3) and for
transmitting the calculated code to the second
comparator unit (5),

the second comparator unit (5) being connected
to the first memory unit (6) and comparing the
calculated code transmitted by the processor
(4) with the access authorization code stored
in the first memory unit (6) and, if there is a
match, granting the access authorization for
the apparatus.

Apparatus according to Claim 10, characterized
in that the system is a mobile telephone with a SIM
card.

Apparatus according to Claim 11, characterized
in that the first memory (6) is provided on the SIM
card, and the second memory (2) is a read only memory
of the mobile telephone.

Apparatus according to Claim 12, characterized
in that the access authorization code is stored on the
SIM card in encrypted form.

Apparatus according to Claim 10, characterized
in that the system comprises a computer and an external
unit which communicate with one another via an
interface.

Apparatus according to Claim 14, characterized
in that the first memory (6) is provided in the
external unit, and the second memory (2) is a read only
memory of the computer.

Apparatus according to one of Claims 10 to 15, characterized
in that the biological features are obtained from the
fingerprint of a user.

Apparatus according to one of Claims 10 to 15, characterized
in that the biological features are obtained from the
iris of an eye of a user.

EP19990969520 1998-09-22 1999-09-06 Method and device for verifying the authorization to log onto a system
Active EP1116191B1 (en)